Recently active topics

CISA issued Binding Operational Directive 26-04 on June 10, 2026, fundamentally reshaping how federal agencies must prioritize and remediate vulnerabilities. Rather than treating all CVEs with equal urgency, BOD 26-04 establishes a risk-tiered patching framework built around four variables: whether the asset is publicly exposed, whether the vulnerability is in the Known Exploited Vulnerabilities (KEV) catalog, whether the exploit can be automated by an adversary, and the technical impact an attacker achieves after exploitation. The directive allows agencies to defer the lowest-risk vulnerabilities entirely to the next system upgrade, while demanding the fastest action—three days—on the highest-risk combinations. This post outlines what the directive requires and how Forward Enterprise helps organizations answer the questions that determine each risk tier. This directive supersedes both BOD 22-01 (Known Exploited Vulnerabilities) and BOD 19-02 (Vulnerability Remediation for Internet-Acc

  As part of a network initiative, I’m sharing all the scripts that I have worked on to create an audit program. These files feed are then fed into PowerBi for better visualization by engineers and mgmt.PowerBi PresentationStarting with AAA.First step is create a utility called, “tag_var_util” to grab tags, of which, will be used as part of the logic to assign a template to different sets of attribtues.This utility will then be imported on all other NQE Audit Scripts.// Best practice is to tag all devices with the following:// Environment && Sub-Environment && Manager && Region && Function && VRF && Mgmt-Interface (source interface for mgmt. traffic)// Each Script will import the utilities: import "PROD/Standards_Network/NetworkVars/tag_var_util"; let region = get_region_from_tags(device.tagNames) let deviceFunc = get_function_from_tags(device.tagNames) let environment = get_env_from_tags(device.tagNames) let vrf = retur

we are using below format to collect the data from Fortinet firewall for custom command. endconfig globalshow system dnsshow system ntp can anyone check and confirm ,these will not impact anything ,if i remove config gloabl , than command will not run. 

There is a specific section of the AFM config which refers to the default action of the firewall, the below query checks that the default action is Drop.F5 AFM Config to check for.}sys db tm.fw.defaultaction {    value "drop"} /** * @intent Check that all F5's that are running AFM have the default action set to deny * @description THis will check sys db tm.fw.defaultaction for the value drop and error * if it is not drop. **/// Note {} have been removed as they can not be included in the pattern.defaultPattern = ```sys db tm.fw.defaultaction value "drop"```;foreach device in network.deviceswhere device.platform.os == OS.F5foreach command in device.outputs.commands//Check for only the F5's with AFM Configwhere command.commandType == CommandType.F5_AFM_CONFIG//Extract the command response.let AFMConfig = parseConfigBlocks(OS.F5,command.response)//Match the patternlet match = blockMatches(AFMConfig,defaultPattern)let violation = if length(match) == 0 then true else falselet DropActio

 Here are a set of 3 scripts for:NXOSEOSIOS (and IOS-XE)The scripts look for configuration related to source interfaces.  Over the years, engineers have used Loopback0, dedicated management interfaces, Loopback10, or other random interfaces to source traffic from. We have an an inititiative to clean these inconsistencies up.These scripts parse through the configs looking anything related to the ‘source-interface’ or ‘local-interface’ etc. Then it finds the associated configuration of those interfaces, such as IP Address, VRF, description.I have also tuned them to ignore parts of the configuration that are not important to the effort , ex:no ip redirectsno ip route-cacheno ip unreachablesno ip proxy-arpip mtu {number}load-interval {number}ip helper-address {string}negotiation autostandbye {string}etc...Cisco NXOS/*** * @intent Source-Interface Extraction (NXOS) * @description Extracts all source-interface configs and interface details from config text.***/// --- 1. Helper Functions ---g

Forward brings in Fortinet firewalls as the device its self and the VDOM’s this becomes challenging when you need to validate the tacacs configuration for the physical device this means quite often the vdoms or even the root vdom will fail even though tacacs is configured on the device.The simple solution is to add a permitted violation list, however this needs to be maintained manually there must be a better solution surely?userTacacs =```config user tacacs+ edit "TACACS" set server [server 1 IP Address] set secondary-server [server 2 IP Address] set key ENC {string} set secondary-key ENC {string} set authorization enable nextend```;systemAdmin = ```config system admin edit "tacacs" set remote-auth enable set accprofile "no_access" set vdom {vdoms:string} set wildcard enable set remote-group "TACACS_ACCESS" set accprofile-override enable```;foreach device in network.deviceswhere device.platform.v